Go to homepage
Your personal Footprint analysis data

The smart analysis of your shoe size via smartphone - a perfect fit for Joe Nimble. Find your perfect fitting shoe, reduce returns and protect the environment. Exclusively with us: your individual runner's hallux analysis including tips and tools for improvement.

More about footprint analysis Directly to your analysis data
FAQ Size advice Save shopping Shipping costs Newsletter
Contact Returns Portal

Data protection

The following privacy policy informs you about how we use your personal data. We comply with the provisions of German data protection law and the requirements of the European General Data Protection Regulation (GDPR).

Note:You can change your privacy cookie settings at any time using the fingerprint button at the bottom right of the page.

1. Data Controller

The data controller for the Joe Nimble online shop, as defined by the GDPR and other country-specific data protection regulations, is:

Joe Nimble GmbH
Kammererstr. 37
71636 Ludwigsburg

Phone: +49 (0) 7141 376130
Email: support@joe-nimble.com

2. Contact Data Protection Officer

You have the right to contact our Data Protection Officer at any time with any questions regarding data protection.

Mr. Frank Eckerkunst
IT Werk Giessen GmbH
Siemensstraße 7
35394 Giessen
Email: datenschutz@joe-nimble.com

3. Accessing Our Websites

When you access our websites, we only collect the data that your internet browser automatically transmits to us, such as the requesting provider, the IP address of your device, the date and time of the page request, your browser type, browser version and browser settings, the operating system used (Windows, iOS, Linux, etc.), the amount of data transferred and the status of transfers, the website from which you accessed our site, and other similar data and information that serves to prevent attacks on our IT systems. This data is used for improving and ensuring the connection to the website, improving the usability of the website, evaluating system security and stability, and for administrative purposes.

We process this data based on our legitimate interests pursuant to Art. 6 Para. 1 Sentence 1 lit. f GDPR. Our legitimate interests correspond to providing a stable and secure online presence. If device data is accessed, this is necessary to enable your requested access to our website in accordance with Section 25 Paragraph 2 No. 2 of the German Telemedia Act (TMG). Our website is hosted by the service provider Plusserver GmbH. The log files are stored for the duration of your session. ```

4. Contact Form

On our website, we offer you the opportunity to contact us using a contact form.

The personal data you provide in connection with a contact request will only be used to process your request. In addition to the message, we also store your name and email address. Please note that messages may be retained in accordance with statutory retention obligations.

Your data will not be shared with third parties, subject to the following provisions.

We process your data based on our legitimate interest in being able to respond to contact requests, Art. 6 para. 1 sentence 1 lit. f GDPR.

We delete the data from your request as soon as the matter of your request has been resolved and we no longer need to retain it for legal reasons.

5. Sending Newsletters, Surveys, and Personalized Information

We regularly send newsletters, surveys, and other personalized information. For this purpose, we use your contact details, including your full name and email address. Our newsletters may contain an embedded pixel file. This enables a log file to be recorded when the newsletter is opened and contains technical information such as the IP address, the time of access, and information about the operating system and browser used. This information and data allows us to statistically analyze our newsletter, including whether and when it was opened and which links were clicked. All information is stored anonymously, so neither we nor our shipping provider can subsequently perform personal evaluations/analyses. We process your data only with your consent for the purpose of sending messages, Art. 6 para. 1 sentence 1 lit. a GDPR. For the use of the analytics pixel, we also rely on your prior consent in accordance with § 25 para. 1 TDDDG. You are entitled to revoke your consent at any time with effect for the future. Unsubscribing via the newsletter's unsubscribe link simultaneously constitutes a revocation of your consent. Alternatively, you can also revoke your consent by sending an email to support@joe-nimble.com. If you wish to subscribe to the newsletter offered on the website, we require an email address from you, as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive the newsletter. To ensure that newsletters are only sent with your consent, we use the so-called double opt-in procedure. This involves adding the potential recipient to a mailing list. The user then receives a confirmation email, allowing them to legally confirm their subscription. Only after this confirmation is the address actively added to the newsletter mailing list. Verifying your email address is based on our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR. Your email address will only be stored permanently if you have completed the double opt-in process. We may send you information about our own similar products to your email address if you purchase goods on our website. Sending direct marketing to existing customers is based on our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR (in conjunction with Section 7 para. 3 of the German Unfair Competition Act (UWG)). You can object to receiving this type of marketing at any time as described above, either by email or via the unsubscribe link in the message itself. If you have objected, we will only store your email address permanently, as we are obligated to ensure that you no longer receive direct marketing from us. The legal basis for this is Article 6(1)(f) GDPR.

Inxmail is used as the newsletter software/mailing service provider. Your data will be transmitted to Inxmail GmbH, Wentzigerstr. 17, 79106 Freiburg, Germany.

6. Cookies and Web Analytics Tools

a) Use of Cookies/CookieFirst

On our website, we use the CookieFirst service, a Consent Management Platform (CMP) provided by CookieFirst BV, Herenweg 24, 2106 ME Heemstede, Netherlands.

CookieFirst is used to obtain and manage the consent required under legal regulations (in particular GDPR and TDDDG) for the use of cookies and similar technologies. By default, the tool blocks all non-essential cookies and services until you give your consent. Your consent is stored in a cookie on your device to recognize and document it for future visits.

When using CookieFirst, the following data is processed: your IP address (anonymized), information about your browser and device, your consent or refusal, and the time of your visit. Data processing is based on our legal obligation to be able to prove your consent status (Art. 6 para. 1 lit. a GDPR).

We have concluded a data processing agreement (DPA) with CookieFirst in accordance with Art. 28 GDPR to ensure the data protection-compliant handling of your data. The data is stored exclusively on servers within the EU. You can withdraw your consent at any time with effect for the future by adjusting your cookie settings.

b) Use of Google Analytics 4

This website uses Google Analytics 4, a web analytics service provided by Google Ireland Ltd., Gordon House, Barrow Street, Buglin 4, Ireland ("Google"). Google Analytics 4 uses "cookies," which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States. However, if IP anonymization is activated on this website, your IP address will be shortened by Google beforehand within member states of the European Union or in other member states of the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

On our behalf, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity, and providing us with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics 4.0 will not be merged with other Google data. You can prevent the storage of cookies by adjusting your browser settings; however, please note that in this case you may not be able to fully utilize all the functions of this website. Furthermore, you can prevent Google from collecting and processing data generated by the cookie and related to your use of the website (including your IP address) by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de. We process your data based on your consent, which you grant via the cookie consent banner, in accordance with Article 6 Paragraph 1 Sentence 1 Letter a GDPR and Section 25 Paragraph 1 TDDDG. You can withdraw your consent at any time with effect for the future. Google's parent company is located in the USA. Therefore, your data is also processed in the USA. Google is DPF-certified. This ensures a level of data protection comparable to that in the EU. You can find more information about DPF certification below in the section on third-country transfers. Google's parent company is located in the USA. Therefore, your data is also processed in the USA. Google is DPF-certified. This ensures that there is a level of protection comparable to that in the EU. You can find more information about DPF certification below in the section on third-country transfers. Google's parent company is located in the USA. Therefore, your data is also processed in the USA. Google is DPF-certified. This ensures that a level of protection comparable to that in the EU is maintained. You can find more information about DPF certification below in the section on third-country transfers. ...

Deactivate data collection by Google Analytics for this website.

You can find more information about this at https://tools.google.com/dlpage/gaoptout?hl=de and at https://policies.google.com/privacy?hl=de (general information about Google Analytics and data protection).

Please note that on this website, Google Universal Analytics has been extended with the code »data-googleAnonymizeIp="1"« to ensure anonymized collection of IP addresses (so-called IP masking).

c) Microsoft Clarity

We also use the Microsoft Clarity analytics tool from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, on our website. Microsoft Clarity allows us to measure reach through cookies and other technologies (e.g., device fingerprinting), statistically evaluate user behavior, and better understand and track their interactions with our website.

In doing so, we process various data, in particular data about your use of our website, such as which pages you visited and for how long, device and browser information, IP address, location data, and interaction data, e.g., clicks and scrolling. We have activated IP masking for our website, which shortens the IP address. Your data will be assigned to a single user ID. The legal basis for this is your consent, Art. 6 para. 1 sentence 1 lit. a GDPR (for data processing) and § 25 para. 1 TDDDG (for the use of cookies). You can withdraw your consent at any time with effect for the future. Microsoft also processes your data on our behalf in the USA. Microsoft is DPF-certified. This ensures a level of protection comparable to that in the EU. You can find more information about DPF certification below in the section "Transfer to Third Countries".

d) Endereco - Address Verification

On our website, we offer you the option of checking certain entries in address forms in our online shop for input errors in real time. This is intended to prevent problems with the delivery of the products you have ordered due to incorrect information.

Furthermore, we want to ensure that your contact details are valid for sending information about your order or for any necessary follow-up questions.

For the provision of these functions, we use the service provider Endereco, Balthasar-Neumann-Straße 4b, 97236 Randersacker. The service provider processes the data exclusively according to our instructions. We have a legitimate interest in ensuring that the data you enter during the ordering process is correct. Therefore, we process your data on the basis of Art. 6 Para. 1 Sentence 1 lit. f GDPR. The following data is processed by the service provider:

  • Address (country, city, postal code, street, house number if applicable)
  • Email address

The data is processed separately by the service provider and is not combined. The requests are deleted by the service provider as soon as the status of the entered data has been determined and storage in the webshop has been completed, but no later than 30 days.

e) AB Lyft - Testing Tool

To optimize our website and improve the user experience, we use the A/B testing tool AB Lyft, provided by Conversion Expert GmbH, Zeppelinring 52c, 24146 Kiel (available at app.ablyft.com). With AB Lyft, we test different variations of website content (e.g., text, layouts, or calls to action) to evaluate which versions are better received by users. When using AB Lyft, information about user behavior on our website is processed. This includes, in particular, page views, interactions (e.g., clicks), and technical information such as browser type, device, and a shortened or anonymized IP address. The data is processed exclusively for statistical purposes and to optimize our online offerings. Individual users are not personally identified. If AB Lyft uses cookies or similar technologies, this is done only on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR §25 para. 1 TDDDG. The data is processed via the AB Lyft platform. Further information on data processing can be found at: https://app.ablyft.com

7. Integration of the Trusted Shops Trustbadge 

To display our Trusted Shops seal of approval and any collected reviews, as well as to offer Trusted Shops products to buyers after an order, the Trusted Shops Trustbadge, provided by Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, is integrated on this website. 

When the Trustbadge is accessed, the web server automatically saves a so-called server log file, which contains, for example, your IP address, the date and time of access, the amount of data transferred, and the requesting provider (access data), and documents the access. After your order is completed, the collected data is transmitted to Trusted Shops. We process this data to protect buyers and to enable the evaluation of our services. This corresponds to both our and Trusted Shops' legitimate interests. The legal basis is Art. 6 Para. 1 Sentence 1 lit. f GDPR. We are jointly responsible with Trusted Shops. This means we have a contract with Trusted Shops specifying who is responsible for which processing of your data, when, and how. If you have any questions about the processing of your data, please contact Trusted Shops directly. You can find more information about contacting Trusted Shops and their data processing practices in the Trusted Shops Privacy Policy: https://business.trustedshops.de/impressum#a0_content.

This access data will be automatically overwritten no later than seven days after your visit to our website.

8. Use of Awin

On our website, we use the performance advertising network of Awin.com, Eichhornstraße 3, 10785 Berlin, as an affiliate program. As part of its tracking services, Awin stores cookies on the end devices of users who visit or use websites or other online services of its clients (e.g., register for a newsletter or place an order in an online shop) to document transactions (e.g., leads and sales). These cookies serve solely the purpose of correctly attributing the success of an advertising medium and the corresponding billing within its advertising network.A cookie only contains information about when a specific advertising medium was clicked on by an end device. Awin tracking cookies store a unique sequence of numbers that documents the advertiser's partner program, the publisher (i.e., the website on which the advertisement was displayed), and the time of the user's action (click or view). Awin also collects information about the device used to make the transaction, such as the IP address, operating system, and browser. The Awin service is only used if you have given your consent in accordance with Art. 6 Para. 1 Sentence 1 lit. a GDPR and Section 25 Para. 1 TDDDG. You can revoke this consent at any time with effect for the future via the cookie banner. For further information on Awin's data processing, please see: https://www.awin.com/de/datenschutzerklarung

9. Use of YouTube Widgets

This website uses widgets from the video streaming service YouTube to display YouTube videos. YouTube is offered in the EU by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube's so-called "enhanced privacy mode" to embed videos. In this mode, a cookie is only stored on your computer when you play the video. According to YouTube, however, no personally identifiable cookie information is stored for playbacks of embedded videos using enhanced privacy. You can find more information about this in YouTube's privacy policy: https://support.google.com/youtube/answer/171780?hl=de. By clicking on the video, data is sent to YouTube, over which we have no control. The videos allow us to visually illustrate our offerings. We process your data for this purpose based on your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR and Section 25 para. 1 TDDDG. You can withdraw your consent at any time with effect for the future. The parent company of Google Ireland is located in the USA. The information generated by YouTube is transmitted to and processed on servers in the USA. Google is DPF-certified. This ensures a level of protection comparable to that in the EU. You can find more information about DPF certification below in the section "Transfer to Third Countries."

10. Data Transfer to Third Countries

In connection with data processing, data may be transferred to third countries, i.e., to recipients outside the EU or the European Economic Area (EEA). If the European Commission has issued a decision regarding the third country confirming the existence of an adequate level of protection (see Art. 45 para. 3 GDPR), no additional measures are required for the data transfer. In the case of data transfers to recipients located in the USA, this is done on the basis of the so-called Transatlantic Data Privacy Framework (DPF) of 10 July 2023, provided the recipient has the corresponding certification. A list of currently certified companies can be found here [HR1.1]. In other cases, as well as in the case of data transfers to other so-called non-safety-assured third countries, data transfers only take place if the requirements of Art. 46 et seq. GDPR are met. Specifically, this means that data will only be transferred to third countries if: the recipient provides sufficient safeguards for the protection of personal data in accordance with Article 46 GDPR; you have expressly consented to the transfer in accordance with Article 49(1)(a) GDPR after we have informed you about the risks; the transfer is necessary for the performance of a contract between you and us; or another exception applies in accordance with Article 49 GDPR. Which of the aforementioned grounds applies in each individual case will be explained to you during the respective processing. Data transfers to recipients located in the USA who do not have DPF certification and for whom an adequate level of data protection cannot be established through safeguards in accordance with Article 46 GDPR will only take place with your consent in accordance with Article 49(1)(a). Article 6(1)(a) GDPR. We would like to point out that for recipients located in the USA without DPF certification, an adequate level of data protection comparable to that in the EU cannot be guaranteed. Therefore, the following risks exist when transferring personal data in this way: There is a risk that US authorities may gain access to personal data based on the PRISM and UPSTREAM surveillance programs, which are based on Section 702 of the Foreign Intelligence Surveillance Act (FISA), as well as on the basis of Executive Order 12333 or Presidential Police Directive 28. EU citizens have no effective legal remedies against such access in the USA or the EU.

11. Data Security

All information you submit to us is stored on servers within the European Union. However, we protect our website and other systems against loss, destruction, access, alteration, or distribution of your data by unauthorized persons through technical and organizational measures. In particular, your personal data is transmitted to us in encrypted form. We use the TLS 1.2 (Transport Layer Security) encryption protocol.

12. Your Rights

You have several rights under the GDPR. These are:

Right of access

According to Article 15 GDPR, you have the right at any time to request information from us about all data we store about you. This includes, in particular, information about: the purposes for which we process your data, the categories of data we process about you, the specific recipients or, if these are unknown, the categories of recipients to whom we transfer your data, the duration for which we store your data or, if this cannot be determined, the criteria under which we store your data, and, where applicable, the origin of the data if we did not collect it from you. Right to rectification If the data we process is incorrect or incomplete, you can request that we correct or complete this data at any time in accordance with Article 16 of the GDPR. Right to erasure (right to be forgotten) If the original legal basis for data processing no longer applies, or you have withdrawn your consent or objected to the processing, or if we are no longer permitted to process your data for any of the reasons listed in Article 17(1) of the GDPR, you can You have the right to request the erasure of your personal data from us in accordance with Article 17 GDPR. This right does not apply if the processing is necessary for exercising the right of freedom of expression and information, for the purposes of the processing which are necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us, for compliance with a legal obligation to which we are subject, or for the establishment, exercise or defense of legal claims. Right to restriction of processing: In accordance with Article 18 GDPR, you can also request the restriction of processing. You have this right if you contest the accuracy of the data, the processing is unlawful, we no longer need the data for the stated purposes, or you have objected to the processing and, in the latter two cases, we are not otherwise legally permitted to process the data.

Right to data portability

Furthermore, pursuant to Article 20 GDPR, you can request that we transfer your data to you or another controller in a structured, commonly used, and machine-readable format.

Right to withdraw consent

If you have given your consent as the legal basis for the processing of your data by us, for example, pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR, you can withdraw this consent at any time in accordance with Article 7(3) GDPR. If you do this, we will cease processing your data; however, the lawfulness of the processing remains unaffected by the withdrawal of your consent. Right to lodge a complaint with a supervisory authority: You also have the right to lodge a complaint with a supervisory authority pursuant to Article 77 of the GDPR. This should generally be the supervisory authority of your habitual residence or place of work; alternatively, you can also address your complaint to the supervisory authority at our company's registered office.

13. Right of objection
According to Article 21 of the GDPR, you have the right to object to the processing of your personal data if we process your personal data solely on the basis of our legitimate interests and there are grounds relating to your particular situation. If your objection relates to direct marketing, you have a general right to object without having to provide any specific reasons. You can submit your objection by email to support@joe-nimble.com.